New Rowhammer Attacks Target NVIDIA Ampere GPUs, Researchers Say
AI-generated from multiple sources. Verify before acting on this reporting.
Two independent research teams have demonstrated new rowhammer attacks against NVIDIA Ampere generation graphics processing units, a vulnerability that allows attackers to gain full control of central processing unit memory and achieve complete system compromise.
The findings, presented on Tuesday, reveal that the attacks exploit physical memory access patterns to flip bits in adjacent memory rows, a technique known as rowhammering. While previously documented in system RAM, the researchers showed that the same mechanism can be weaponized against the high-density memory architecture found in modern GPUs.
The vulnerability enables malicious actors to bypass hardware isolation mechanisms designed to separate GPU operations from the host system. By triggering specific memory access sequences, the attacks can overwrite critical data structures in the CPU's address space. This breach of isolation grants attackers arbitrary read and write access, effectively allowing them to execute code with elevated privileges and take over the entire machine.
NVIDIA Ampere architecture, introduced in 2020, powers a wide range of professional and consumer graphics cards used in data centers, artificial intelligence workloads, and high-performance gaming systems. The widespread deployment of these chips means the potential impact of the vulnerability extends across enterprise infrastructure and personal computing devices alike.
The research teams detailed the technical mechanics of the exploit, showing how the attacks can be executed without requiring physical access to the target machine. The method relies on software running within the GPU's execution environment to hammer memory rows until bit flips occur. Once the memory corruption is achieved, the attacker can redirect execution flow to malicious payloads.
Security experts note that the discovery highlights the growing complexity of hardware vulnerabilities in specialized accelerators. As GPUs become more integral to general computing tasks, the attack surface expands beyond traditional CPU-centric defenses. The ability to compromise system memory through a graphics processor suggests that existing mitigation strategies may be insufficient.
NVIDIA has not yet issued a public statement regarding the specific findings. The company typically addresses such vulnerabilities through coordinated disclosure processes, which may involve developing patches or firmware updates to mitigate the risk. Until a fix is deployed, system administrators and users are advised to monitor for official guidance.
The research raises questions about the resilience of hardware isolation in next-generation computing architectures. As memory densities continue to increase, the physical proximity of memory cells may make them more susceptible to rowhammer effects. Whether similar vulnerabilities exist in other GPU generations or competing hardware remains to be determined.
The full technical details of the attacks are expected to be published in an upcoming security conference, providing the broader research community with the data needed to develop countermeasures. Until then, the vulnerability represents a significant threat to systems relying on NVIDIA Ampere hardware.